[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Unintended Proxy/Intermediary

ID: 441Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

A product can be used as an intermediary or proxy between an attacker and the ultimate target, so that the attacker can either bypass access controls or hide activities.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Non-Repudiation
Access_Control
 
Gain privileges / assume identity
Hide activities
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Architecture and Design
 
 Enforce the use of strong mutual authentication mechanism between the two parties.
 
  

Relationships

Related CWETypeViewChain
CWE-441 ChildOf CWE-902 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-1999-0168 : Portmapper could redirect service requests from an attacker to another entity, which thinks the requests came from the portmapper.
  2. CVE-2005-0315 : FTP server does not ensure that the IP address in a PORT command is the same as the FTP user's session, allowing port scanning by proxy.
  3. CVE-2002-1484 : Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
  4. CVE-2004-2061 : CGI script accepts and retrieves incoming URLs.
  5. CVE-2001-1484 : MFV - bounce attack allows access to TFTP from trusted side.
  6. CVE-1999-0017 : FTP bounce attack. Protocol allows attacker to modify the PORT command to cause the FTP server to connect to other machines besides the attacker's. Similar to proxied trusted channel.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Unintended proxy/intermediary
 
 
PLOVER  Proxied Trusted Channel
 
 
WASC 32
 
Routing Detour
 
 

References:
None

CVE    5
CVE-2018-16598
CVE-2018-1999038
CVE-2015-2947
CVE-2019-3924
...

© SecPod Technologies